July 13, 2018

State System Summit opens Sunday
with top speakers focusing on key issues

A program featuring 17 speakers over four days of sessions and covering issues ranging from “the state of the state credit union system” to “preparing banks for faster payments” to “thoughts of housing finance reform” kicks off Sunday, with regulators, credit union and system leaders from around the states gathering in Orlando for the 2018 NASCUS State System Summit.

The annual event – designed by NASCUS as the place where credit unions and state financial regulators can meet annually to discuss important credit union issues.

“In fact, NASCUS is the only association where both regulators and credit unions can join to exchange mutual dialogue that helps shape regulations,” said NASCUS President and CEO Lucy Ito. “The frank, candid and respectful discussions fostered at our Summit aim at solving problems, with input from the industry, and providing the opportunity for state credit unions and regulators to engage on neutral ground over common interests.”

Among those speaking at the event (starting at the top in the graphic) are: NASCUS’ Lucy Ito (speaking on the “state of the state credit union system”); (middle row, from left) John Lass (“Back to the Future”); Tom Hecht (“Surveying the Litigation Landscape”); Keith Kelly (“Next Big Idea Winner”); Trey Maust (“Resiliency in the Wake of a Destructive Cyber-Attack”); Chad Nordstrom (“Six Easy Pieces: Essentials of Cybersecurity”); (bottom row, from left) Jon Jeffreys (“Charters Old and New”); Tina Solis (“Surveying the Litigation Landscape”); Michael Christians (“Regulatory Update”); Isaac Boltansky(“Thoughts of Housing Finance Reform”).

The program also features the presentation of the 2018 Pierre Jay Award to retired credit union executive Ron McDaniel, and Sarah Vega, chief of staff for NCUA Board Chairman J. Mark McWatters, and former Director of the Illinois Department of Financial Institutions (and former NASCUS chairman).

The event is being held, Sunday through Thursday next week, at the Disney Yacht and Beach Club resort in Orlando, Fla.

SUMMARY OFFERS EFFICIENT VIEW OF CAPITAL PLANNING, STRESS-TEST RULE

NCUA’s new rule on capital planning and stress testing – which took effect June 1 – is efficiently outlined in a series of tables contained in a new summary of the rule posted this week by NASCUS.

The summary notes that the final rule – approved by the NCUA Board in April – groups covered credit unions in three tiers reflecting the covered credit unions’ size, complexity, and financial condition. Under the final rule, the summary points out, credit unions with greater than $10 billion in assets, but in the lowest Tier, would generally be exempted from stress testing. Credit unions in the lowest 2 Tiers would continue to develop capital plans but no longer submit those plans to NCUA for approval. Also, under the final rule, covered credit unions subject to stress testing would conduct their own stress tests rather than having NCUA conduct the tests, the summary points out.

Credit unions with assets greater than $20 billion will continue to submit plans (by May 31) that must be approved by the agency.

The NASCUS summary offers easy-to-read tables that display the requirements of the rule. The tables cover: the three tiers; capital planning requirements for each tier; and stress-testing requirements for each tier.

… ADDITIONAL SUMMARY LOOKS AT NEW FOM RULE FOR FCUS

And a second, extensive, summary was also posted this week focusing on NCUA’s new field of membership (FOM) rule and chartering manual – which applies only to federal credit unions (FCUs), but likely holds considerable interest for state charters as well.

The summary offers an “at a glance” view of the final rule, which takes effect Sept. 1 (and was adopted by the NCUA Board at its June 21 meeting). It details that the final rule will:

Allow an FCU to submit a narrative to establish the existence of a well-defined local community (WDLC) instead of limiting FCUs to pre-designated presumptive communities;

Establish a process for the holding of a public hearing and invite public comment on FCU applications for a WDLC that would exceed 2.5 million people;

Permit FCUs to designate portions of a community that is subdivided into metropolitan divisions as its WDLC without regard to division boundaries.

“NCUA notes that it believes the final rule is compatible with the recent District Court opinion regarding its 2017 final FCU field of membership (FOM) rule,” the summary notes (NASCUS has prepared and posted a summary of that ruling – for members only – available at the link below).

The NASCUS summary also includes an extensive table which details the 13 criteria that the final rule characterizes as “commonality” among residents that a FCU should address if it opts to use the narrative approach to define a custom drawn community.

AROUND THE STATES: Privacy in CA; marijuana rules in NY

Events of interest “around the states” are being regularly updated on the NASCUS website, including two recenet actions in California and New York.

In California, Gov. Jerry Brown (D) signed into law the California Consumer Privacy Act of 2018 (AB 375), which will give consumers the right, beginning in 2020, to request all the data businesses are collecting on them, as well as the right to request that businesses not sell any of their data. The new law (passed without opposition in both the state assembly and senate) mandates strict disclosure rules about data collected by businesses, and empowers the state’s attorney general to fine businesses for non-compliance.

The bill was passed to prevent voters from passing stricter rules in November. Californians for Consumer Privacy, a group headed by real estate developer Alistair Mactaggart, had been preparing a ballot initiative that would have gone even further than AB 375.

In New York, state-chartered credit unions and banks are encouraged to consider establishing banking relationships with state medical marijuana-related businesses that are in full compliance with state laws and regulations, under guidance issued by the the New York Department of Financial Services (DFS).

The state agency noted, in issuing the guidance, that it will not impose any regulatory action on any state-chartered banks or credit unions for establishing a banking relationship with a medical marijuana-related business if the financial institutions comply with the requirements of:

The 2014 Financial Crimes Enforcement Network guidance;

The guidance and priorities set forth in the Department of Justice's 2013 memorandum from Deputy Attorney General James M. Cole (the “Cole Memo”); and

Is subject to the institution's own evaluation of the risks associated with offering products and services and its ability and systems to effectively manage those risks - as all DFS-regulated institutions do with regard to all their banking relationships.

STATES PUSH EQUIFAX TO REPORT BY JULY 31 ON DATA BREACH FIXES

Equifax, the giant credit reporting firm, has until July 31 to detail steps to regulators in eight states that the firm has taken to respond to a giant data breach last year – and 90 days to strengthen its data defenses -- in the first major regulatory punishment for the breach affecting 147 million U.S. consumers.

If the firm falls short on any promises it made that are outlined in a consent order reached June 27, it would face punitive action from the regulators in Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina and Texas.

The consent order found Equifax operated and managed its information technology systems in an inadequate manner before the breach. However, the order -- which the firm agreed to but did not admit or deny wrongdoing for the breach -- requires the credit reporting agency to make improvements in a number of areas, including information security, audit functions, board and management oversight, vendor management, patch management and information technology operations.

The order gives the credit-reporting firm 90 days to strengthen its information-security defenses, including in vendor-risk management, patches and disaster response. Equifax has a month to create an annual internal audit program monitored by members of its board, and the company will have to issue reports to the regulators by July 31, detailing the steps it has taken to respond to the breach.

BCFP ACTING DEPUTY DIRECTOR NAMED AS PREDECESSOR QUITS

Brian Johnson is the new acting deputy director for the BCFP (formerly known as the CFPB), taking the place of the former incumbent who officially resigned this week. Johnson was selected for the position by Acting Director John “Mick” Mulvaney, who announced the appointment Monday. Johnson was formerly principal policy director at the agency. The new deputy director takes the place of Leandra English, who officially resigned the position Monday (after announcing her plans to do so the previous Friday). English had challenged Mulvaney for the position of acting director in federal court, -- which rebuffed her. In April, a federal appeals court heard her appeal of the lower court’s decision but has not yet ruled. English this week also dropped her lawsuit.

… FOLLOWED BY HEARING SCHEDULED FOR BCFP DIRECTOR NOMINEE

A hearing on the nomination for the next – and permanent -- director of the BCFP has been set for Thursday by the Senate Banking Committee. Kathleen “Kathy” Kraninger was nominated to be the director of the BCFP by President Donald Trump on June 20. If confirmed by the Senate, she would replace Mulvaney in leading the bureau; Mulvaney has been serving as acting director since November, when Trump appointed him to replace the Richard Cordray, who resigned. Kraninger, 43, is now associate director for general government for the Office of Management and Budget (OMB), which Mulvaney also oversees as director. In that role, which she has held since March 2017, she “oversees budget development and execution for a number of executive branch agencies including the Departments of Commerce, Justice, Homeland Security (DHS), Housing and Urban Development, Transportation (DOT), and Treasury,” according to her biography. (BCFP is not listed in her bio among the agencies she oversees.)

BRIEFLY: Changes made for new financial fraud task force

A new task force focused on financial fraud that will include top officials from the Justice Department and the FBI, and which replaces a similar panel established during the Obama administration, was ordered created this week by President Donald Trump – but it will not include representatives of NCUA or other federal financial institution regulators. Tuesday’s order terminates the Obama-era Financial Fraud Enforcement Task Force, which was chaired by the U.S. attorney general and included a long list of executive department and agency heads, including NCUA and the other regulators, as well as the Financial Crimes Enforcement Network (FinCEN). The new panel is titled “Task Force on Market Integrity and Consumer Fraud” to be established within the Justice Department by the attorney general (AG) but chaired by the deputy AG, will include the financial regulators in task force meetings “as deemed necessary” by the deputy AG (Rod Rosenstein).